Microsoft is all set to roll out a hefty set of patches next week under its Patch Tuesday cycle containing fixes for Windows OS, Office productivity suite and Internet Explorer. In the…
Tag: Vulnerability
Shellshock Bash bug pegged as ‘worse than Heartbleed’
The biggest security threat – ‘bigger than Heartbleed’ – as numerous researchers are touting it, is looming large over every computer-user. Reportedly concealed in one of the most fundamental interfaces powering the…
Microsoft announces ‘Online Services Bug Bounty Program’
Outlook, Office365, Yammer, SharePoint and Lync are some of the participating online services included in the Bug Bounty Program.
iPhone users may receive bill shocks owing to app vulnerability, security researcher says
Andrei Neculaesei: While I only tested on a few apps which are big names, it is safe to assume that the smaller teams and platform haven’t even thought about preventing this.
Disqus plugin v2.77 for WordPress vulnerable to CSRF
Disqus did patch the XSS and CSRF vulnerabilities reported earlier, but it seems that the company has actually missed out on completely patching the CSRF flaw.
PayPal’s two-factor authentication can be bypassed easily, researcher says via full disclosure
You will need a PayPal user’s username and password to circumvent this, but those can be obtained from a compromised system or can be bought online for a few $$ easily.
Android vulnerability Fake ID puts 82 percent devices at risk
A new vulnerability dubbed Fake ID, which lets third-party apps downloaded by the user copy identity credentials of trusted applications, has been discovered by security researchers over at Bluebox Security….
Apple goes after outdated Flash versions; blocks them
Just like Java, Flash is proving to be one of those plugins that is becoming a pain for many.
Over 300K servers still vulnerable to Heartbleed bug
It’s going to be 3 months since the discovery of Heartbleed, and 309,197 servers are yet to be patched!
Microsoft issues patch for Malware Protection Engine vulnerability
Redmond fixes flaw in its own anti-malware engine that could otherwise lead to denial of service condition if exploited.
Twitter restores TweetDeck after taking it offline following discovery of XSS vulnerability
The vulnerability, which was believed to be patched, isn’t actually fixed and Twitter had to take the extreme step of taking TweetDeck offline.
eBay riddled with XSS flaws
The perils of eBay continue! After a week of intense drama about a security breach, researchers have disclosed information on XSS flaws.
Apple too late to curb iCloud activation mechanism flaw
Apple is too late in fixing a flaw in its iCloud activation mechanism that leaves iOS users vulnerable to a man-in-the-middle attack, allowing easy restore of lost iDevices without authentication, claims…
Healthcare.gov resets passwords of all registered users in wake of Heartbleed
Healthcare.gov has reset passwords of all its registered users after reports of an active Heartbleed exploit surfaced on the web. Healthcare.gov has noted that there have been no instances of information compromise…
Tor: ‘We’ll lose about 12% of guard and exit capacity’ because of Heartbleed
Tor (The Onion Router), the internet traffic anonymising service, is bleeding due to the Heartbleed vulnerability, claims a recent report. According to the Register, some of the Tor nodes are running compromised…